I want to use VMware to debug some networking code in the Linux kernel in the VM. My VM has two network interfaces. What I want to do is replay the capture file on the host and receive the packets in the VM. My problem is I do not see replayed packets in the VM.

I am running VMware and tcpreplay on the host as sudo. Hence I think there should not be any problem accessing device files.

I am running VMware Workstation 7.0.

a. I first began with Custom networking, as that provides the option of creating your own virtual network name. I wrote /dev/vmnet3 and /dev/vmnet4 for the two interfaces respectively. However, after booting the guest, I did not see any of these interfaces or device files (in /dev) created on the host.

b. Then I tried 'Host Only', but that does not show what bridge/device file is associated with the interface.

c. Finally I tried bridged networking mode.

I see vmnet1, vmnet8 and vboxnet0 on the host. I have tcpreplayed the capture file on each of these interfaces, for all the above three cases. I tried to capture packets in the VM using "tcpdump -i any". However, I do not see any packets.

Just to clarify - in the VM Config you have two virtual network adapters and both of these are connected to the same virtual network? Which Linux flavour are you using in the Guest OS and have you installed the VMware tools in the Guest OS?
– Helvick, Jan 23 '10 at 18:40

2 Answers
2

I haven't tried this in VMware Workstation lately, but typically this is a result of one of the following:

1. The VM you are trying to capture from isn't putting the NIC in promiscuous mode, so it can't see packets that aren't destined for it. You can solve this by either running tcpdump as root in the VM or by changing your tcpreplay to use the MAC address of the VM as the destination for the packets it is sending (tcpreplay comes with tcprewrite, which makes this sort of change easy). Alternately, you could make the dest MAC address of the packets being replayed the broadcast address, ff:ff:ff:ff:ff:ff (WARNING: VERY DANGEROUS. Unless you really understand what you are doing, I recommend unplugging from the physical network before doing this).

2. The host isn't allowing the VM to put the interface into promiscuous mode. I'm not sure how to adjust this in VMware Workstation, but in ESX[i] there is an option on the vSwitch for "Allow Promiscuous Mode". You could also work around this by changing the destination MAC address of the tcpreplay stream as mentioned in 1.

3. The permissions on the vmnet in the host aren't correct to allow promiscuous mode to work (assuming you are using Linux as the host OS). There are a bunch of VMware KB articles on this, and solving it is inconsistent at best. You might be able to do it by chmodding the /dev/vmnetX interface to 777, but you are probably better off just making your replay traffic destined for the MAC of the VM if one of the other answers doesn't solve it first.

If the destination MAC address in the capture you are replaying is not the MAC on the interface inside the VM, and there is a host in the same VLAN that has that MAC, you will not see any traffic, because the virtual switch will forward the frames on the port associated with that MAC.

Try to list the bridge forwarding table and search for your destination MAC.
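
The destination-MAC rewrite suggested in the first answer, combined with the second answer's check of which MACs the capture is actually addressed to, as an added example (not part of either answer and not tcprewrite's own code). It handles classic pcap files with Ethernet framing only; the guest MAC and the sample frames are constructed values.

```python
import struct
from collections import Counter

def mac_to_bytes(mac):
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError("bad MAC address: %r" % mac)
    return bytes(int(p, 16) for p in parts)

def rewrite_dst_mac(pcap, new_mac):
    """Return (rewritten pcap bytes, Counter of the original destination MACs)."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet (DLT_EN10MB)")
    dst = mac_to_bytes(new_mac)
    out, seen, off = bytearray(pcap[:24]), Counter(), 24
    while off + 16 <= len(pcap):
        rec = pcap[off:off + 16]                      # ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", rec[8:12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)
        if incl_len >= 14:                            # full Ethernet header present
            seen[":".join("%02x" % b for b in frame[:6])] += 1
            frame = dst + frame[6:]                   # bytes 0-5 are the destination MAC
        out += rec + frame
        off += 16 + incl_len
    return bytes(out), seen

def sample_capture():
    """Constructed two-frame capture; all addresses are made up for this example."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    src = mac_to_bytes("00:50:56:00:00:01")
    frames = [mac_to_bytes(d) + src + b"\x08\x00" + b"\x00" * 46
              for d in ("00:11:22:33:44:55", "00:11:22:33:44:66")]
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

if __name__ == "__main__":
    VM_MAC = "00:0c:29:aa:bb:cc"                      # assumed guest NIC MAC
    fixed, before = rewrite_dst_mac(sample_capture(), VM_MAC)
    print("destinations in capture:", dict(before))
    print("destinations after rewrite:", dict(rewrite_dst_mac(fixed, VM_MAC)[1]))
```

The destination counts show at a glance whether any replayed frame was addressed to the guest in the first place; the rewritten bytes can be saved to a file and replayed with tcpreplay as before.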